ATTENTION : SCAM ALERT, News (Owen Sound Minor Hockey Group)

Icon for Register Your Child Today
Register Your Child Today
Icon for Tournaments
Tournaments
Icon for Coach Resources
Coach Resources
Icon for Trainer Resources
Trainer Resources
News Article
News Article Image
May 22, 2019 | OSMHG | 1922 views
ATTENTION : SCAM ALERT
PLEASE disregard any E-Mails that come from OSMHG Executive, Staff, or Coaches etc. asking you to complete a "task" or do them a favour ASAP because they are in a meeting and can't do it themselves. 
Please read more to see an example and learn what "Phishing" and "Spear Phishing" is...

I got an interesting email this morning. It was “from” Grant Oldrieve, the "Executive President" of Owen Sound Minor Hockey Group – but the return address was a bit odd: “[email protected]” As this unfolded, it became obvious that this was a classic “spear phishing” attack. I’ll run you through the email exchange for entertainment purposes, and then talk about the lessons to be learned here. The original message was short and sweet:

Please do you have a moment? Am tied up in a meeting and there is something I need you to take care of.

Thanks

Executive President


Lots of things about messages like this should raise your eyebrow. First, always look at the return E-Mail address. Second the language is often not what you would expect. Third, it was signed Executive President, and lastly, would this person really ask you to take care of such a task? And without chatting in person or a phone call?

Sometimes, I string the person along and it might look something like this ...

Sure – what’s up?

I’m currently in a meeting right now and I want to gift out some Gift Cards to some clients today ASAP. I want you to make arrangements to get the gift cards. Is that okay with you?

P.S.: I’m currently in a meeting right now, just reply back. Is that okay with you?

Thanks

Aha. Now money is involved. And notice the use of “I’m currently in a meeting right now” as an obvious attempt to discourage me from calling to check on the legitimacy of the messages. Let’s see how far we can run this:

Sure. How can I help?

And the reply again:

I need 10 PHYSICAL Apple iTunes gift cards of $100 face value. That’s $100 x 10 = $1,000.

Note: $100 x 10 qty of Apple iTunes Gift Cards are needed. Once you get the physical cards, you should gently scratch-off silver lining at the back for the pin codes, lay them all out in batches, then snap a photo and email the clear picture to me via email before leaving the store right away. Make sure you email them to me before leaving the store. Is that okay with you?

P.S.: I’m currently in a meeting right now, just reply back.

Thanks

 

Yep, nothing suspicious at all about that, is there? Let’s push it a little:

I’m on my way into the office now. I can either drop them by your office, or just leave them at the front desk. Will that work?

Well, apparently not:

No, I want them via email.I want you to gently scratch-off silver lining at the back for the pin codes, lay them all out in batches, then snap a photo and email the clear picture to me via email. Is that okay with you?

Thanks
 

They won’t accept the company credit card – they want cash only for the gift cards. Looks like you’re out of your meeting – can you have someone cut a cheque for me? I’ll be happy to run it down to the store and pick up the gift cards.

Apparently that’s not going to work…

You may go to Apple store and try. Is that okay with you?
Thanks

 
I did. They insist on cash only. How would you like to proceed?
 
 

Okay, you can pay with your cash. You’ll obviously be reimbursed,is that okay with you?
Thanks

 

Well, geez, that’s mighty kind of you to let me front this with $1,000 of my own cash, but…

I’m sorry, but I don’t have an extra $1,000 at the moment to front this. I’ll be at the office in 5 minutes, we can talk then.

But these folks just don’t want to let it go:

Can you buy $300 card?
 

They obviously think I’m pretty stupid, and the feeling is mutual. Bear in mind that I’ve already told them that I would be in the office in 5 minutes, and that was about a half hour ago. But let’s try to milk it a bit longer:

You want one $300 card or three $100 cards? And which email address do you want me to send to?

I won’t bore you with the rest of the exchange. At this point, I just want to see how long I can successfully jerk them around, and whether maybe, just maybe, I can get a mailing address of some kind to send the “gift cards” to.

So…what should we learn from this?

  • This was a targeted attack (which is what distinguishes “spear phishing” from ordinary “phishing” emails that are blasted out to thousands of recipients). Someone did enough research on OSMHG to identify which individuals within our organization was likely to have the authority to make a request like this, and used that individual’s name to specifically target others.

  • You might think that we would be too small for someone to go to that much trouble to target us. You’d be wrong.

  • The amount they requested ($1,000) was not an unreasonable amount for a company our size. Trying to scam us for $50K would have been an obvious overreach. Again, you might think that it’s not worth the trouble to only score $1,000 – let alone the $300 that I negotiated down to. But if they can actually score a half dozen times a month, it adds up to a reasonable payday.

  • These guys didn’t care whose money they took. Company credit card? Fine – even if it ended up costing me my volunteer job, lol.  My own money? That’s fine too. Can’t afford $1,000? How about $300? They’ll take whatever I’m dumb enough to give them.

  • You are not exempt from attacks like this! Your organization is not too big or too small to be targeted. Whether you know it or not, you probably have already been targeted. If you haven’t been, you will be. I know the Bluewater District School Board has been targeted several times over the past couple of years.

It is axiomatic that the “weakest link in the security chain” is the end user.  IT professionals may live and breathe this security stuff, but end users don’t. They’re just busy trying to get their jobs done. And one end user who clicks on the wrong link, or responds incorrectly to a phishing attempt like this one, can circumvent all of the expensive technological security solutions that may be in place. It’s important to always verify with personal contact when money is involved. And NEVER give out confidential or other sensitive information via E-Mail.

Other News
Dec 19, 2025
Holiday Goalie Development Camp - Open Registation
Dec 12, 2025
Welcome to the 2025 Owen Sound Jr. Attack Jamboree!
Nov 26, 2025
Get Excited – The 2025 Owen Sound Jr. Attack Jamboree is Almost Here!
Oct 19, 2025
Cub Academy Registration Now Open!
Oct 06, 2025
U4/U5 “My First Jersey Day” – Celebrating Our Youngest Players
Sponsors
WINMAR Owen Sound
WINMAR® Owen Sound is a leading Southwestern Ontario-based, IICRC-certified, full-service property damage restoration company specializing in water, fire, wind, contents, and mould damage. Founded in 1995 as the 13th WINMAR® franchise, we have developed and maintained strong roots within our operating region of Grey and Bruce Counties. WINMAR® Owen Sound provides emergency, restoration, and additional contractor services to a wide range of customers. Via a two-pronged customer service approach, we are able to not only service residential homeowners but also commercial and industrial customers including municipalities, schools, nursing homes, commercial businesses, medical facilities, and not-for-profit organizations.
Scotiabank
Scotiabank is a leading bank in Canada and a leading financial services provider in the Americas. We are here for every future. We help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
Harold Sutherland Construction Ltd
Established in 1960, Harold Sutherland Construction Ltd. has continuously grown and evolved into a diversified company. Over the past 55 years, Harold Sutherland Construction Ltd. has gained a solid reputation in construction and aggregate excellence. We are committed to supporting our community, protecting the environment and are dedicated to providing a safe workplace for our employees.
Locking Business Furnishings
We have a large variety of new and used high-quality office furniture in our showroom; custom design layouts are also available. We are a dealer for Intelligent Office Furniture, a manufacturer of high-quality office furniture products and backed by an extended warranty. We also carry several other Canadian manufacturers. Locking Business Furnishings has been a family-owned and operated business (three generations) since its inception in 1928. We specialize in new and used business furniture, cash registers and safe works.
Owen Sound Fire & Emergency Services
Working Together to Make A Safer Community The City of Owen Sound can indeed be very proud of their dedicated group of professional fire fighters, who have a history of more than 150 years of service. The department has 26 full time Firefighters, 1 full time Training Officer, and 2 full time Fire Prevention Professionals. Owen Sound is a 911 Community.
Baker Tilly
"Baker Tilly Canada’s independent firms provide value-added accounting, audit, tax and advisory solutions through established local expertise and global reach. Baker Tilly Canada Cooperative (formerly Collins Barrow National Cooperative Incorporated) is a member of the global network of Baker Tilly International Limited, the members of which are separate and independent legal entities. Baker Tilly Canada refers to the association of member firms of Baker Tilly Canada Cooperative, each of which is a separate and independent legal entity. For more information regarding Baker Tilly International and Baker Tilly Canada"